Skip to content

CVE lookup

CVE-2026-39850

Pruva has a verified reproduction for CVE-2026-39850: Yii2: local file inclusion via View::renderPhpFile extract() of caller-controlled params. The canonical evidence record is REPRO-2026-00156.

REPRO

REPRO-2026-00156

Package

yiisoft/yii2 · composer

Severity

HIGH

Status

published